login box error ( Syntax error in string in query expression 'UserName= 'student Password = 'password)

    Arif Liminto
    wrote on last edited by
    #1

    Hi, I am just starting C#. I am trying to build a login box using C#. However, I have a problem that has frustrated me a lot. I use Microsoft Access for my database, and I always get the following error: Syntax error in string in query expression 'UserName= fds' Password = sdf'. I have used an OleDb connection, an OleDb command and an OleDbDataReader. I think I have an error in my database query. Here is my query:

    String sqlCommand = "SELECT Username, Password FROM [logindatabase]" + "WHERE UserName= "+ username +"' Password = "+ password;

    I am wondering why I get that message. Overall, the connection string is working successfully; only this code has me stuck. I am really looking forward to your suggestions. Thanks so much.

      PIEBALDconsult
      wrote on last edited by
      #2

      A) You left out the apostrophes.

      B) You left out the AND.

      C) Don't do it that way; use parameters:

      cmd.CommandText = "SELECT Username, Password FROM logindatabase WHERE UserName=@username and Password=@password" ;
      cmd.Parameters.Add ( "@username" , username ) ;
      cmd.Parameters.Add ( "@password" , password ) ;

      Access and the Jet Engine will allow named parameters, but they need to be in the same order as in the statement.

      D) Why return the username and password? Why not a COUNT(*) or the user's ID or something? Returning a single value with ExecuteScalar is likely to be quicker.

      E) I prefer not to use concatenation to split long strings of SQL; I use verbatim strings (note the @):

      cmd.CommandText =
      @"
      SELECT Username
      ,Password
      FROM logindatabase
      WHERE UserName=@username
      and Password=@password
      " ;

      And why do so many people use a separate local string variable? :confused:

      F) Are you storing the plain-text password? I suggest using at least a hash of the password.
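
Added example, not code from either poster: one way to combine points C and F of the answer above, with the user name bound as a parameter and the password checked against a salted PBKDF2 hash instead of a stored plain-text value. Because a salted hash cannot be matched in the WHERE clause, the row is looked up by user name and compared in code. The `Salt` and `PasswordHash` columns (Base64 text), the `LoginCheck` class and the iteration count are assumptions.

```csharp
using System;
using System.Data.OleDb;
using System.Security.Cryptography;

// Assumed schema (not from the thread): logindatabase(UserName, Salt, PasswordHash),
// with Salt and PasswordHash stored as Base64 text.
static class LoginCheck
{
    const int Iterations = 100000, SaltBytes = 16, HashBytes = 32; // constructed values

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Run at registration; store both strings in the row instead of the password.
    public static void HashPassword(string password, out string salt, out string hash)
    {
        byte[] s = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(s);
        salt = Convert.ToBase64String(s);
        hash = Convert.ToBase64String(Derive(password, s));
    }

    // conn must be open. True only if the user exists and the password matches.
    public static bool Verify(OleDbConnection conn, string username, string password)
    {
        using (var cmd = conn.CreateCommand())
        {
            // OleDb binds by position; the value is never spliced into the SQL text,
            // so a quote in the user name cannot break or alter the statement.
            cmd.CommandText = "SELECT Salt, PasswordHash FROM logindatabase WHERE UserName = ?";
            cmd.Parameters.AddWithValue("@username", username);
            using (var reader = cmd.ExecuteReader())
            {
                if (!reader.Read()) return false; // no such user
                byte[] stored = Convert.FromBase64String(reader.GetString(1));
                byte[] actual = Derive(password, Convert.FromBase64String(reader.GetString(0)));
                // Compare all bytes so timing does not show where a mismatch starts.
                int diff = stored.Length ^ actual.Length;
                for (int i = 0; i < stored.Length && i < actual.Length; i++)
                    diff |= stored[i] ^ actual[i];
                return diff == 0;
            }
        }
    }
}
```
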

        Arif Liminto
        wrote on last edited by
        #3

        Thanks so much
